Japanese retail giant Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul.
Rebecca Moody, Head of Data Research at Comparitech:
“This is another prime example of how far-reaching the consequences of a ransomware attack can be and highlights why sectors like retail and manufacturing remain a key focus for hackers.
So far this year, we’ve recorded nearly 400 claims from ransomware groups on retailers across the world with 40 of these having been confirmed by the entity involved. While we don’t yet know which gang is responsible for the attack on Askul, you can bet your bottom dollar we’ll find out soon if ransom negotiations fail. It’s also likely that the hackers will have stolen data in the process of their attack, and with the size of Askul and the number of companies it deals with, this could be significant.”
Martin Jartelius, AI Product Director at Outpost24:
“This is a different form of supply chain attack – the company is affected because a core service provider was compromised, rather than its own IT systems. It’s encouraging to see that Muji is taking preventive actions and already has contingency and communication plans in motion. This is the best way to fight ransomware: be prepared, recover quickly, work around disruptions, and avoid paying the groups behind them.
For the organization that suffered the direct breach, it’s still too soon to draw broader conclusions. Neither the perpetrator nor the ransomware strain has been confirmed, and while there have been other major regional incidents recently, any link at this stage would be purely speculative.”
Javvad Malik, Lead CISO Advisor at KnowBe4:
“The reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware. Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust. It’s why it’s important to map critical dependencies beyond IT to logistics and fulfilment, set minimum security baselines in contracts, and practice “supplier outage” playbooks. Monitor for brand impersonation during downtime, and pre‑agree data‑sharing for rapid joint incident response. Ultimately, resilience must extend past your perimeter to the partners that support your operations.”
You’re only as secure as the people that you work with. Thus my recommendation is that you work with your partners to assure your mutual security. After all, these days your mutual security is a requirement and not an option.
Related
This entry was posted on October 21, 2025 at 3:14 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Retail giant Muji halts online sales after ransomware attack on supplier
Japanese retail giant Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul.
Rebecca Moody, Head of Data Research at Comparitech:
“This is another prime example of how far-reaching the consequences of a ransomware attack can be and highlights why sectors like retail and manufacturing remain a key focus for hackers.
So far this year, we’ve recorded nearly 400 claims from ransomware groups on retailers across the world with 40 of these having been confirmed by the entity involved. While we don’t yet know which gang is responsible for the attack on Askul, you can bet your bottom dollar we’ll find out soon if ransom negotiations fail. It’s also likely that the hackers will have stolen data in the process of their attack, and with the size of Askul and the number of companies it deals with, this could be significant.”
Martin Jartelius, AI Product Director at Outpost24:
“This is a different form of supply chain attack – the company is affected because a core service provider was compromised, rather than its own IT systems. It’s encouraging to see that Muji is taking preventive actions and already has contingency and communication plans in motion. This is the best way to fight ransomware: be prepared, recover quickly, work around disruptions, and avoid paying the groups behind them.
For the organization that suffered the direct breach, it’s still too soon to draw broader conclusions. Neither the perpetrator nor the ransomware strain has been confirmed, and while there have been other major regional incidents recently, any link at this stage would be purely speculative.”
Javvad Malik, Lead CISO Advisor at KnowBe4:
“The reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware. Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust. It’s why it’s important to map critical dependencies beyond IT to logistics and fulfilment, set minimum security baselines in contracts, and practice “supplier outage” playbooks. Monitor for brand impersonation during downtime, and pre‑agree data‑sharing for rapid joint incident response. Ultimately, resilience must extend past your perimeter to the partners that support your operations.”
You’re only as secure as the people that you work with. Thus my recommendation is that you work with your partners to assure your mutual security. After all, these days your mutual security is a requirement and not an option.
Share this:
Like this:
Related
This entry was posted on October 21, 2025 at 3:14 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.